Most of us start our day by checking our emails; we go through the headlines of our work and personal accounts, sift through the junk that came in during the night, and hope not to find anything too urgent from work or the mother-in-law.
For years, it’s been considered relatively safe to share our email address, but even that is changing. In today’s world it’s become easy to mistakenly accept an email as coming from institutions or individuals that we are familiar with and fall victim to what is known as an email phishing scam.
What is email phishing?
Phishing is an attempt to get you to hand over personal data, such as passwords or credit card details. It’s called email phishing when it’s done using deceptive emails that look like they’re being sent from a person or corporation that you trust. They usually include legitimate-looking logos and telephone numbers of your trusted contacts. This type of cybercrime is not a new phenomenon; however, in recent years criminals have refined their tools and are trying their luck more often.
- A scam that has recently been targeting public and private entities is called CEO Fraud, where company employees receive emails that look as though they are coming from an important person within the company, such as the CEO or Director. Inevitably, when an email is sent from their “superior”, employees can be quick to act, by replying to the email or clicking on a link.
- In May of this year, over 200 Maltese individuals fell victim to a scam that looked like a postal operator asking recipients to pay an administrative fee for their package to be released for delivery. This type of scam takes advantage of our excitement as we wait for a package to be delivered, but be careful: for some victims this excitement ended up costing them between €800 and €1,800.
- Renowned banking institutions, including the Central Bank of Malta, have also ended up victims of phishing scams, with emails being sent out in an attempt to get recipients to give away sensitive information.
Some phishing emails are easy to recognize, particularly when the grammar and structure of the email are so appalling that they give it away from the get-go. Sometimes the sender blatantly asks for money based on some far-fetched fabricated story about an inheritance or winning the lottery. But craftier cybercriminals are clever in their approach and manage to deceive recipients by successfully posing as a trustworthy institution or person. The email structure and grammar look good in these emails, the argument and reasoning are also very convincing, and they usually go as far as creating a proper and professional-looking design and colour scheme that fools the eye.
Here’s Melita’s guide on how to protect yourself with a few easy steps:
Stay on the ball
Educate yourself and your employees – google ‘phishing examples and samples’ and find out what they look like. It’s easier to find something when you know what you’re looking for.
Don’t be gullible
Watch out for the tone of voice used in the email – does it seem urgent, or is it asking for something unusual? Cybercriminals tend to rush a recipient for information, so always take your time before acting. Check, and check again.
No detail is too small
In an attempt to replicate the email address of a contact that you know, cybercriminals will change one small detail of an email address in the hope that you won’t notice. But just one full-stop, or a small typo in an email address, means that it will be sent to a different recipient and not someone you know.
Don’t get attached too soon
Attachments with funny extensions such as .zip or .scr should be treated with suspicion. Do not click on them or open them unless you’re absolutely sure that they are legitimate.
If you become aware of a phishing attack, make sure to communicate this to others who might be affected and reach out to a professional for help.